AMX MVP-8400i manual AMX Certificate Upload Utility, EAP security method in process

Models: MVP-8400i


Appendix B - Wireless Technology

FIG. 77 EAP security method in process (diagram labels: Client - Panel (supplicant); Authenticator (Wireless Access Point); Authentication Server (RADIUS Server); LAN; 802.1x (EAP over Wireless))

1. The client (panel) establishes a wireless connection with the WAP specified by the SSID.

2. The WAP opens up a tunnel between itself and the RADIUS server configured via the access point. This tunnel means that packets can flow between the panel and the RADIUS server but nowhere else. The network is protected until authentication of the client (panel) is complete and the ID of the client is verified.

3. The WAP (Authenticator) sends an "EAP-Request/Identity" message to the panel as soon as the wireless connection becomes active.

4. The panel then sends an "EAP-Response/Identity" message through the WAP to the RADIUS server, providing its identity and specifying which EAP type it wants to use. If the server does not support the EAP type, it sends a failure message back to the WAP, which then disconnects the panel. As an example, EAP-FAST is only supported by the Cisco server.

5. If the EAP type is supported, the server then sends a message back to the client (panel) indicating what information it needs. This can be as simple as a username (Identity) and password or as complex as multiple CA certificates.

6. The panel then responds with the requested information. If everything matches, and the panel provides the proper credentials, the RADIUS server then sends a success message to the access point instructing it to allow the panel to communicate with other devices on the network. At this point, the WAP completes the process for allowing LAN access to the panel (possibly restricted access based on attributes that came back from the RADIUS server).

As an example, the WAP might switch the panel to a particular VLAN or install a set of firewall rules.
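The exchange in steps 3 to 6, as an added example that is not part of the AMX manual: it goes beyond the text by using the standard EAP packet layout from RFC 3748 (Code, Identifier, Length, Type) and shows the WAP keeping the panel's port closed until the server side reports success. The `Authenticator` class, the function names and the sample identity used with it are assumptions made for illustration, and the RADIUS encapsulation between WAP and server is left out.

```python
# Added example, not from the AMX manual; RADIUS encapsulation is omitted.
import struct
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 43: "EAP-FAST"}

def build_eap(code, ident, eap_type=None, data=b""):
    """Encode Code, Identifier, Length (header + body), then Type and data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(raw):
    """Decode one EAP packet; reject truncated or mis-sized input."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in CODES or not 4 <= length <= len(raw):
        raise ValueError("unknown code or bad length")
    body = raw[4:length]  # bytes beyond Length are padding and ignored
    pkt = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request and Response carry a Type byte
        if not body:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"] = TYPES.get(body[0], f"type-{body[0]}")
        pkt["data"] = body[1:]
    return pkt

class Authenticator:  # hypothetical model of the WAP's port gating
    def __init__(self):
        self.port, self.pending_id = "unauthorized", None

    def start(self):  # step 3: sent as soon as the link is up
        self.pending_id = 1
        return build_eap(1, self.pending_id, 1)

    def from_panel(self, raw):  # relay only an answer to our Request
        pkt = parse_eap(raw)
        if pkt["code"] != "Response" or pkt["id"] != self.pending_id:
            return None  # e.g. a Success forged by the client is dropped
        return raw

    def from_server(self, raw):  # only the server side moves the port
        pkt = parse_eap(raw)
        if pkt["code"] == "Success":
            self.port = "authorized"      # step 6
        elif pkt["code"] == "Failure":
            self.port = "disconnected"    # step 4: EAP type unsupported
        else:
            self.pending_id = pkt["id"]   # step 5: next Request to relay
        return self.port
```

Feeding `from_panel` a Success packet, or a Response with a stale Identifier, leaves the port unauthorized; only a Success passed to `from_server` opens it.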

AMX Certificate Upload Utility

The Certificate Upload utility gives you the ability to compile a list of target touch panels, select a pre-obtained certificate (uniquely identifying the panel), and then upload that file to the selected panel.

This application must be run from a local machine and should not be used from a remote network location.

This application ensures that a unique certificate is securely uploaded to a specific touch panel. Currently, the target panels must be capable of supporting the WPA-PSK and EAP-XXX wireless security formats.

The Certificate Upload utility supports the following capabilities:

Ability to browse both a local and network drive to find a desired certificate file.

Ability to create a list of target AMX G4 touch panels based on IP Addresses. Compatible panels include: MVPs, NXD/T-CV10 and NXD/T-CV7.

Ability to display the IP Address of the local computer hosting the application.

Ability to load a previously created list of target touch panels.

Ability to save the current list of target Modero panels as a file.

Ability to track the progress of the certificate upload by noting the current data size being transmitted and any associated error messages.

MVP-8400i 8.4" Modero® ViewPoint® Touch Panel with Intercom
